oval:org.secpod.oval:def:602744 rabbitmq-server is installed
oval:org.secpod.oval:def:2001403 Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on ...
oval:org.secpod.oval:def:2001535 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in ...
oval:org.secpod.oval:def:112149 rabbitmq-server is installed
oval:org.secpod.oval:def:73706 rabbitmq-server: AMQP server written in Erlang. Several security issues were fixed in rabbitmq-server.
oval:org.secpod.oval:def:89047318 This update for rabbitmq-server fixes the following issues: - CVE-2021-32718: Fixed improper neutralization of script-related HTML tags in a web page in management UI. - CVE-2021-32719: Fixed improper neutralization of script-related HTML tags in a web page in federation management plugin. - CVE ...
oval:org.secpod.oval:def:73699 rabbitmq-server: AMQP server written in Erlang. Several security issues were fixed in rabbitmq-server.
oval:org.secpod.oval:def:3301148 SUSE Security Update: Security update for rabbitmq-server
oval:org.secpod.oval:def:89048023 This update for rabbitmq-server fixes the following issues: - CVE-2022-31008: Fixed predictable secret seed in URI encryption.
oval:org.secpod.oval:def:2000383 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management ...
oval:org.secpod.oval:def:1901262 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management ...
oval:org.secpod.oval:def:1901456 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management ...
oval:org.secpod.oval:def:2001593 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management ...
oval:org.secpod.oval:def:112148 RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker.
oval:org.secpod.oval:def:602740 It was discovered that RabbitMQ, an implementation of the AMQP protocol, didn't correctly validate MQTT connection authentication. This allowed anyone to login to an existing user account without having to provide a password.
oval:org.secpod.oval:def:51860 rabbitmq-server: AMQP server written in Erlang. RabbitMQ could allow unintended access to network services.
oval:org.secpod.oval:def:703733 rabbitmq-server: AMQP server written in Erlang. RabbitMQ could allow unintended access to network services.
oval:org.secpod.oval:def:96519 It was discovered that missing input sanitizing in the HTTP API endpoint of RabbitMQ, an implementation of the AMQP protocol, could result in denial of service.
oval:org.secpod.oval:def:96457 rabbitmq-server: AMQP server written in Erlang. RabbitMQ could be made to denial of service if it received a specially crafted HTTP request.
oval:org.secpod.oval:def:708604 rabbitmq-server: AMQP server written in Erlang. RabbitMQ could be made to denial of service if it received a specially crafted HTTP request.
oval:org.secpod.oval:def:89051273 This update for rabbitmq-server fixes the following issues: * CVE-2023-46118: Introduce HTTP request body limit for definition uploads.